How to Disable the Audit Service

If the audit service is no longer required at some point, this procedure
returns the system to the system state before auditing was enabled. If non-global
zones are being audited, their audit service is also disabled.

Caution –

This command also disables device
allocation. Do not run this command if you want to be able to allocate devices.
To disable auditing and retain device allocation, see Example 30–18.

Change to the /etc/security directory, and execute the bsmunconv script.

# cd /etc/security
# ./bsmunconv

Another effect of the script is to disable device allocation.

For information on the full effect of the bsmunconv script,
see the bsmconv(1M) man
page.

Bring the system into multiuser mode.

# init 6

Example 30–18 Disabling Auditing and Keeping Device Allocation

In this example, the audit service stops collecting records, but device
allocation continues to work. All values from the flags, naflags, and plugin entries in the audit_control file are removed, as are all user entries in the audit_user file.

## audit_control file
flags:
naflags:
## audit_user file

The auditd daemon runs, but no audit records are
kept.

Example 30–19 Disabling Auditing on a Per-Zone Basis

In this example, the audit service stops running in zone1 where
the audit service is disabled. Device allocation continues to work. When this
command is run in the global zone, and the perzone audit
policy is not set, auditing is disabled for all zones, not just the global
zone.